bisecting cause commit starting from bf3e76289cd28b87f679cd53e26d67fd708d718a
building syzkaller on 64069d48f293e0be98d4a78a6f7be23861cc1e06
testing commit bf3e76289cd28b87f679cd53e26d67fd708d718a with gcc (GCC) 8.1.0
kernel signature: 972a2fdc41f84456c70e64eeb4bb96b3664b3893577f16db0926a97679f9049e
run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v5.9
testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0
kernel signature: 5a15b1edcab1ab4abcb6aabaa9d641ef3b5e60fe3c01f52595240031165d717c
all runs: OK
# git bisect start bf3e76289cd28b87f679cd53e26d67fd708d718a bbf5c979011a099af5dc76498918ed7df445635b
Bisecting: 7776 revisions left to test after this (roughly 13 steps)
[4986fac160b3eb1432ca9970d51c55f4f93b1a2e] mm/memory_hotplug: enforce section granularity when onlining/offlining
testing commit 4986fac160b3eb1432ca9970d51c55f4f93b1a2e with gcc (GCC) 8.1.0
kernel signature: 5afdd96ceedabacd2c5fe9b40151abc86812fb1a9e5cd9c55209d34031c2b476
all runs: OK
# git bisect good 4986fac160b3eb1432ca9970d51c55f4f93b1a2e
Bisecting: 3893 revisions left to test after this (roughly 12 steps)
[a1e16bc7d5f7ca3599d8a7f061841c93a563665e] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
testing commit a1e16bc7d5f7ca3599d8a7f061841c93a563665e with gcc (GCC) 8.1.0
kernel signature: 26b3bfcedbff25d2c992ef77cd3c53ced6af128b38a43809a63bed904c596621
all runs: OK
# git bisect good a1e16bc7d5f7ca3599d8a7f061841c93a563665e
Bisecting: 1948 revisions left to test after this (roughly 11 steps)
[1f70935f637dfba226bf77182c2629fde61ed06e] Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit 1f70935f637dfba226bf77182c2629fde61ed06e with gcc (GCC) 8.1.0
kernel signature: cbf96d47d72d638536815d78226e0fa9bec41f342f1900a5941cede670a83f8a
all runs: OK
# git bisect good 1f70935f637dfba226bf77182c2629fde61ed06e
Bisecting: 964 revisions left to test after this (roughly 10 steps)
[e533cda12d8f0e7936354bafdc85c81741f805d2] Merge tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit e533cda12d8f0e7936354bafdc85c81741f805d2 with gcc (GCC) 8.1.0
kernel signature: 37b14ff5f09557520d56889e4be30390a9d132ceb61a3b67ce249a51f4898a62
all runs: OK
# git bisect good e533cda12d8f0e7936354bafdc85c81741f805d2
Bisecting: 480 revisions left to test after this (roughly 9 steps)
[53760f9b74a3412c1b67a20b0e8dbf7c3cebfc45] Merge tag 'flexible-array-conversions-5.10-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux
testing commit 53760f9b74a3412c1b67a20b0e8dbf7c3cebfc45 with gcc (GCC) 8.1.0
kernel signature: a4f6895bc8f3f179967a2548a668a937d13a346346aebd7fe12f1adcd962c3ce
all runs: OK
# git bisect good 53760f9b74a3412c1b67a20b0e8dbf7c3cebfc45
Bisecting: 235 revisions left to test after this (roughly 8 steps)
[f786dfa3745b92f2fa91e0a0b9f3509907111d96] Merge tag 'pm-5.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
testing commit f786dfa3745b92f2fa91e0a0b9f3509907111d96 with gcc (GCC) 8.1.0
kernel signature: f7e3318262fac15b1718cbdf3c24318f66fb0b7c9bb50100cf139e6885753bee
all runs: OK
# git bisect good f786dfa3745b92f2fa91e0a0b9f3509907111d96
Bisecting: 119 revisions left to test after this (roughly 7 steps)
[4257087e8feb2e6f918eb0773eb1c1a697dd2a39] Merge tag 'arc-5.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc
testing commit 4257087e8feb2e6f918eb0773eb1c1a697dd2a39 with gcc (GCC) 8.1.0
kernel signature: f993a86c6dacec30a5ef34d022adb96d847acd2bfd3d6653ffcc8c22ee73179c
run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 4257087e8feb2e6f918eb0773eb1c1a697dd2a39
Bisecting: 57 revisions left to test after this (roughly 6 steps)
[018799649071a1638c0c130526af36747df4355a] can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A
testing commit 018799649071a1638c0c130526af36747df4355a with gcc (GCC) 8.1.0
kernel signature: 26d532eb09c180482947e0cc90f1b1eece8d6ca16034ea55f5de1efbeaa9771d
run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 018799649071a1638c0c130526af36747df4355a
Bisecting: 28 revisions left to test after this (roughly 5 steps)
[42172f44df77f83777d1b5004db99c23bd2df7a4] Merge branch 'dpaa_eth-buffer-layout-fixes'
testing commit 42172f44df77f83777d1b5004db99c23bd2df7a4 with gcc (GCC) 8.1.0
kernel signature: 7ef3a5214d06b8e0968eeacc104367a82d5a46656c430552b173b5b49bfbad89
run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 42172f44df77f83777d1b5004db99c23bd2df7a4
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[20149e9eb68c003eaa09e7c9a49023df40779552] ip_tunnel: fix over-mtu packet send fail without TUNNEL_DONT_FRAGMENT flags
testing commit 20149e9eb68c003eaa09e7c9a49023df40779552 with gcc (GCC) 8.1.0
kernel signature: 6d9249898025e9c8c831c12a1de61e348afffaa68c1a921b7f4608be2c9543af
all runs: OK
# git bisect good 20149e9eb68c003eaa09e7c9a49023df40779552
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[c2f46814521113f6699a74e0a0424cbc5b305479] mac80211: don't require VHT elements for HE on 2.4 GHz
testing commit c2f46814521113f6699a74e0a0424cbc5b305479 with gcc (GCC) 8.1.0
kernel signature: 133bce03efe10c05640b81f417aceda7158c92465489386144c30801257e35a8
run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad c2f46814521113f6699a74e0a0424cbc5b305479
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[9bdaf3b91efd229dd272b228e13df10310c80d19] cfg80211: initialize wdev data earlier
testing commit 9bdaf3b91efd229dd272b228e13df10310c80d19 with gcc (GCC) 8.1.0
kernel signature: 7b0cc9004c24968ad4e6027d6e1b9b1b689de8fe57594f39d1c7116f130af04e
all runs: OK
# git bisect good 9bdaf3b91efd229dd272b228e13df10310c80d19
Bisecting: 1 revision left to test after this (roughly 1 step)
[b1e8eb11fb9cf666d8ae36bbcf533233a504c921] mac80211: fix kernel-doc markups
testing commit b1e8eb11fb9cf666d8ae36bbcf533233a504c921 with gcc (GCC) 8.1.0
kernel signature: 8a4fb75e1e6c294b2e849102cee81502516039762d696894d421f87fc0322438
run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad b1e8eb11fb9cf666d8ae36bbcf533233a504c921
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[dcd479e10a0510522a5d88b29b8f79ea3467d501] mac80211: always wind down STA state
testing commit dcd479e10a0510522a5d88b29b8f79ea3467d501 with gcc (GCC) 8.1.0
kernel signature: c18d12f339896626b908297135e59b52f049f699ef2ab208ffef058648bc4387
run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad dcd479e10a0510522a5d88b29b8f79ea3467d501
dcd479e10a0510522a5d88b29b8f79ea3467d501 is the first bad commit
commit dcd479e10a0510522a5d88b29b8f79ea3467d501
Author: Johannes Berg <johannes.berg@intel.com>
Date:   Fri Oct 9 14:17:11 2020 +0200

    mac80211: always wind down STA state
    
    When (for example) an IBSS station is pre-moved to AUTHORIZED
    before it's inserted, and then the insertion fails, we don't
    clean up the fast RX/TX states that might already have been
    created, since we don't go through all the state transitions
    again on the way down.
    
    Do that, if it hasn't been done already, when the station is
    freed. I considered only freeing the fast TX/RX state there,
    but we might add more state so it's more robust to wind down
    the state properly.
    
    Note that we warn if the station was ever inserted, it should
    have been properly cleaned up in that case, and the driver
    will probably not like things happening out of order.
    
    Reported-by: syzbot+2e293dbd67de2836ba42@syzkaller.appspotmail.com
    Link: https://lore.kernel.org/r/20201009141710.7223b322a955.I95bd08b9ad0e039c034927cce0b75beea38e059b@changeid
    Signed-off-by: Johannes Berg <johannes.berg@intel.com>

 net/mac80211/sta_info.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
culprit signature: c18d12f339896626b908297135e59b52f049f699ef2ab208ffef058648bc4387
parent  signature: 7b0cc9004c24968ad4e6027d6e1b9b1b689de8fe57594f39d1c7116f130af04e
revisions tested: 16, total time: 3h42m48.041816827s (build: 1h9m46.554182868s, test: 2h31m38.888098706s)
first bad commit: dcd479e10a0510522a5d88b29b8f79ea3467d501 mac80211: always wind down STA state
recipients (to): ["davem@davemloft.net" "johannes.berg@intel.com" "johannes@sipsolutions.net" "kuba@kernel.org" "linux-wireless@vger.kernel.org" "netdev@vger.kernel.org"]
recipients (cc): ["linux-kernel@vger.kernel.org"]
crash: BUG: sleeping function called from invalid context in sta_info_move_state
BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 55, name: kworker/u4:3
4 locks held by kworker/u4:3/55:
 #0: ffff88811dff9538 ((wq_completion)phy11){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #0: ffff88811dff9538 ((wq_completion)phy11){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff88811dff9538 ((wq_completion)phy11){+.+.}-{0:0}, at: process_one_work+0x1e6/0x600 kernel/workqueue.c:2243
 #1: ffffc90000d53e70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #1: ffffc90000d53e70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #1: ffffc90000d53e70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x1e6/0x600 kernel/workqueue.c:2243
 #2: ffff88811e828d00 (&wdev->mtx){+.+.}-{3:3}, at: sdata_lock net/mac80211/ieee80211_i.h:1021 [inline]
 #2: ffff88811e828d00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x36/0x420 net/mac80211/ibss.c:1683
 #3: ffffffff84bf1e40 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_finish net/mac80211/sta_info.c:644 [inline]
 #3: ffffffff84bf1e40 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x1c2/0xde0 net/mac80211/sta_info.c:732
Preemption disabled at:
[<ffffffff835cd8a0>] __mutex_lock_common kernel/locking/mutex.c:955 [inline]
[<ffffffff835cd8a0>] __mutex_lock+0x70/0x9f0 kernel/locking/mutex.c:1103
CPU: 1 PID: 55 Comm: kworker/u4:3 Not tainted 5.10.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy11 ieee80211_iface_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x77/0x97 lib/dump_stack.c:118
 ___might_sleep.cold.110+0xf2/0x106 kernel/sched/core.c:7298
 sta_info_move_state+0x1a/0x2b0 net/mac80211/sta_info.c:1962
 sta_info_free+0x11/0xd0 net/mac80211/sta_info.c:274
 sta_info_insert_rcu+0xd4/0xde0 net/mac80211/sta_info.c:738
 ieee80211_ibss_finish_sta+0x9e/0x120 net/mac80211/ibss.c:592
 ieee80211_ibss_work+0x10a/0x420 net/mac80211/ibss.c:1700
 process_one_work+0x273/0x600 kernel/workqueue.c:2272
 worker_thread+0x38/0x380 kernel/workqueue.c:2418
 kthread+0x144/0x170 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

=============================
[ BUG: Invalid wait context ]
5.10.0-rc1-syzkaller #0 Tainted: G        W        
-----------------------------
kworker/u4:3/55 is trying to lock:
ffff88811e81a9d0 (&local->chanctx_mtx){+.+.}-{3:3}, at: ieee80211_recalc_min_chandef+0x1f/0x90 net/mac80211/util.c:2740
other info that might help us debug this:
context-{4:4}
4 locks held by kworker/u4:3/55:
 #0: ffff88811dff9538 ((wq_completion)phy11){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #0: ffff88811dff9538 ((wq_completion)phy11){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff88811dff9538 ((wq_completion)phy11){+.+.}-{0:0}, at: process_one_work+0x1e6/0x600 kernel/workqueue.c:2243
 #1: ffffc90000d53e70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #1: ffffc90000d53e70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #1: ffffc90000d53e70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x1e6/0x600 kernel/workqueue.c:2243
 #2: ffff88811e828d00 (&wdev->mtx){+.+.}-{3:3}, at: sdata_lock net/mac80211/ieee80211_i.h:1021 [inline]
 #2: ffff88811e828d00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x36/0x420 net/mac80211/ibss.c:1683
 #3: ffffffff84bf1e40 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_finish net/mac80211/sta_info.c:644 [inline]
 #3: ffffffff84bf1e40 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x1c2/0xde0 net/mac80211/sta_info.c:732
stack backtrace:
CPU: 1 PID: 55 Comm: kworker/u4:3 Tainted: G        W         5.10.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy11 ieee80211_iface_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x77/0x97 lib/dump_stack.c:118
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4489 [inline]
 check_wait_context kernel/locking/lockdep.c:4550 [inline]
 __lock_acquire.cold.73+0x160/0x2be kernel/locking/lockdep.c:4787
 lock_acquire+0xd0/0x3d0 kernel/locking/lockdep.c:5442
 __mutex_lock_common kernel/locking/mutex.c:956 [inline]
 __mutex_lock+0x94/0x9f0 kernel/locking/mutex.c:1103
 ieee80211_recalc_min_chandef+0x1f/0x90 net/mac80211/util.c:2740
 sta_info_move_state+0x140/0x2b0 net/mac80211/sta_info.c:2019
 sta_info_free+0x11/0xd0 net/mac80211/sta_info.c:274
 sta_info_insert_rcu+0xd4/0xde0 net/mac80211/sta_info.c:738
 ieee80211_ibss_finish_sta+0x9e/0x120 net/mac80211/ibss.c:592
 ieee80211_ibss_work+0x10a/0x420 net/mac80211/ibss.c:1700
 process_one_work+0x273/0x600 kernel/workqueue.c:2272
 worker_thread+0x38/0x380 kernel/workqueue.c:2418
 kthread+0x144/0x170 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296